About this Add-on

Winner of the "PC World World Class Award", this tool gives you with the best available protection on the web. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default, see https://hackademix.net/2010/12/28/x-do-not-track-support-in-noscript/.Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality where you need it.Experts do agree: Firefox is really safer with NoScript ;-)

IMPORTANT: before asking or commenting about the *completely anonymous* request made to https://secure.informaction.com/ipecho on startup, or the those sent to your own WAN IP periodically, please read about the WAN IP protection feature at http://noscript.net/abe/wan (mentioned also in the release notes for 2.0 and in the privacy policy here). If you're in doubt about the full anonymity and total privacy of this feature, just check (or let someone you trust check) the source code here, the file is content/DNS.js. Thanks.

Version Information

Version 2.9.5.2
Released November 28, 2016
542.6 KiB
Works with
Firefox 45.0 and later, SeaMonkey 2.43 and later

Development Channel

The Development Channel lets you test an experimental new version of this add-on before it's released to the general public. Once you install the development version, you will continue to get updates from this channel. To stop receiving development updates, reinstall the default version from the link above.

Caution: Development versions of this add-on have not been reviewed by Mozilla.

Privacy Policy

The NoScript add-on does not track, collect, store, reuse or share any data whatsoever about its users.

The "Site Info" feature, introduced in NoScript 1.9.9.60, provides privacy and security information about web sites shown in the NoScript menu, as soon as user middle-clicks or shift clicks one of them: when activated, after a one-time explanatory prompt, it sends a query containing the site domain to http://noscript.net. Also in this case, the data sent is used only to provide the Site Info page and it's not stored nor shared nor reused.

NoScript 2.0rc5 and above extends its protection against DNS rebinding to those attacks which specifically target your router's external (WAN) IP address. In order to protect it, NoScript needs to detect the WAN IP currently exposed to internet web sites by your HTTP requests: for this purpose, NoScript sends a completely anonymous query to the https://secure.informaction.com/ipecho web service, which provides back this information on a secure channel, typically once a day. Again, no data except the aforementioned WAN IP address travels on the secure channel, and no user data at all is collected, nor stored, nor shared nor reused by InformAction or any other party.This feature, enabled by default, can be disabled by unchecking "NoScript Options|Advanced|ABE|WAN IP ∈ LOCAL".